| 제목 | oretnom23 Food Ordering Management System 1.0 SQL Injection |
|---|
| 설명 | SQL Injection Vulnerability in /ffos/admin/menus/view_menu.php
Vendors Link: https://www.sourcecodester.com/php/15366/fast-food-ordering-system-phpoop-free-source-code.html
Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-ffos.zip
A critical SQL injection vulnerability exists in the /ffos/admin/menus/view_menu.php endpoint of the application. This vulnerability arises due to insufficient sanitization and validation of user-supplied input, which is directly incorporated into SQL queries. An attacker can exploit this flaw by injecting malicious SQL code through parameters passed to the script, potentially allowing unauthorized access to the database. Successful exploitation could lead to the extraction of sensitive data (such as user credentials, menu details, or other records) |
|---|
| 원천 | ⚠️ https://hackmd.io/@gnol719/rJqOPiInye |
|---|
| 사용자 | longkd719 (UID 82854) |
|---|
| 제출 | 2025. 03. 18. AM 09:14 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 03. 27. AM 07:39 (9 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 301495 [SourceCodester Food Ordering Management System 까지 1.0 view_menu.php 아이디 SQL 주입] |
|---|
| 포인트들 | 20 |
|---|